import { Steps } from 'nextra/components'
import { Callout } from 'nextra/components'

# Custom Nginx Setup

Rybbit comes with a built-in webserver (Caddy), but you can use your own web server by using the `--no-webserver` flag on the `setup.sh` script. This is an example of how to set up Nginx with SSL certificates using Certbot.

## Prerequisites

- A domain name pointing to your server
- A Linux-based server (these instructions use apt-based systems like Ubuntu/Debian)

## Setup Process

<Steps>
### 1. Run the Setup Script

```bash
./setup.sh your.domain.name --no-webserver
```

### 2. Install Nginx and Certbot

First, install Nginx and Certbot on your server:

```bash
# Update package lists
sudo apt update

# Install Nginx
sudo apt install nginx

# Install Certbot and the Nginx plugin
sudo apt install certbot python3-certbot-nginx
```

### 3. Configure Nginx

Create a new Nginx server configuration file:

```bash
sudo nano /etc/nginx/sites-available/rybbit
```

Add the following configuration (replace `your.domain.name` with your actual domain):

```nginx
server {
    listen 80;
    server_name your.domain.name;

    # We'll start with a basic HTTP configuration
    # Certbot will modify this file later to add HTTPS

    location / {
        proxy_pass http://localhost:3002;  # Client port
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /api/ {
        proxy_pass http://localhost:3001/;  # Backend port
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

<Callout type="warning">
  Note the trailing slash in the proxy_pass for the API location. This is important to correctly strip the `/api/` prefix when forwarding requests to the backend service.
</Callout>

### 4. Enable the Site Configuration

Enable the site by creating a symbolic link and test the configuration:

```bash
# Enable the site
sudo ln -s /etc/nginx/sites-available/rybbit /etc/nginx/sites-enabled/

# Test the configuration
sudo nginx -t

# If the test is successful, restart Nginx
sudo systemctl restart nginx
```

### 5. Set Up SSL with Certbot

Certbot can automatically configure Nginx to use HTTPS:

```bash
sudo certbot --nginx -d your.domain.name
```

Certbot will automatically modify your Nginx configuration to include SSL certificate settings and HTTPS server blocks.

### 6. Verify the Setup

Your final Nginx configuration (in `/etc/nginx/sites-available/rybbit`) should now include HTTPS settings. You can check it with:

```bash
sudo cat /etc/nginx/sites-available/rybbit
```

It should include SSL certificate paths and a server block for HTTPS.
</Steps>

## Certificate Renewal

Certbot creates a systemd timer that automatically renews certificates before they expire. You can verify it's active with:

```bash
sudo systemctl status certbot.timer
```

You can also test the renewal process (without actually renewing) using:

```bash
sudo certbot renew --dry-run
```

## Troubleshooting

If you encounter issues:

1. Check Nginx error logs:
   ```bash
   sudo tail -f /var/log/nginx/error.log
   ```

2. Verify that the Docker containers are running and exposing the correct ports:
   ```bash
   docker ps
   ```

3. Test connectivity to the backend and client services:
   ```bash
   curl -v http://localhost:3001
   curl -v http://localhost:3002
   ```

4. If the Certbot automatic configuration fails, you can manually add SSL configuration to your Nginx server block.
